[GitHub] [logging-log4j2] carterkozak commented on a change in pull request #608: Restrict LDAP access via JNDI

2021-12-01 Thread GitBox
carterkozak commented on a change in pull request #608: URL: https://github.com/apache/logging-log4j2/pull/608#discussion_r760403424 ## File path: log4j-core/src/main/java/org/apache/logging/log4j/core/net/JndiManager.java ## @@ -168,21 +206,89 @@ protected boolean releaseSub(

[GitHub] [logging-log4net] erikma opened a new pull request #78: For %thread/%t, use the numeric thread ID for .NET worker pool threads

2021-12-01 Thread GitBox
erikma opened a new pull request #78: URL: https://github.com/apache/logging-log4net/pull/78 After migrating to .NET 6 the %thread field became useless for threadpool threads. Restore logging of the numeric thread ID for this case. -- This is an automated message from the Apache Git Serv

[GitHub] [logging-log4net] erikma commented on pull request #78: For %thread/%t, use the numeric thread ID for .NET worker pool threads

2021-12-01 Thread GitBox
erikma commented on pull request #78: URL: https://github.com/apache/logging-log4net/pull/78#issuecomment-984070879 For https://issues.apache.org/jira/browse/LOG4NET-680

[GitHub] [logging-log4cxx] jmdavison46 opened a new pull request #76: Update log4cxx.h.in

2021-12-03 Thread GitBox
jmdavison46 opened a new pull request #76: URL: https://github.com/apache/logging-log4cxx/pull/76 Added macros "LOG4CXX_VERSION_{MAJOR,MINOR,PATCH,TWEAK}", "LOG4CXX_MAKE_VERSION", "LOG4CXX_VERSION", and "NXT_LOG4CXX_VERSION_GET_{MAJOR,MINOR,PATCH,TWEAK}". These macros provide compile-tim

[GitHub] [logging-log4j2] rgoers merged pull request #608: Restrict LDAP access via JNDI

2021-12-04 Thread GitBox
rgoers merged pull request #608: URL: https://github.com/apache/logging-log4j2/pull/608

[GitHub] [logging-log4j2] rgoers closed pull request #607: LOG4J2-3198: Log4j2 no longer formats lookups in messages by default

2021-12-04 Thread GitBox
rgoers closed pull request #607: URL: https://github.com/apache/logging-log4j2/pull/607

[GitHub] [logging-log4j2] rgoers commented on pull request #607: LOG4J2-3198: Log4j2 no longer formats lookups in messages by default

2021-12-04 Thread GitBox
rgoers commented on pull request #607: URL: https://github.com/apache/logging-log4j2/pull/607#issuecomment-986180203 I'm not sure why this wasn't closed as merged by GitHub but I manually merged it.

[GitHub] [logging-log4j2] rgoers commented on pull request #392: [LOG4J2-2902] Add missing LoaderUtil permissions check

2021-12-04 Thread GitBox
rgoers commented on pull request #392: URL: https://github.com/apache/logging-log4j2/pull/392#issuecomment-986181176 I was going to apply this but it now has conflicts. Can you please rebase your fork?

[GitHub] [logging-log4j2] dependabot[bot] opened a new pull request #610: Bump maven-core from 3.6.0 to 3.8.4

2021-12-05 Thread GitBox
dependabot[bot] opened a new pull request #610: URL: https://github.com/apache/logging-log4j2/pull/610 Bumps [maven-core](https://github.com/apache/maven) from 3.6.0 to 3.8.4. Commits [9b656c7](https://github.com/apache/maven/commit/9b656c72d54e5bacbed989b64718c159fe39b537) [ma

[GitHub] [logging-log4j2] dependabot[bot] commented on pull request #560: Bump maven-core from 3.6.0 to 3.8.2

2021-12-05 Thread GitBox
dependabot[bot] commented on pull request #560: URL: https://github.com/apache/logging-log4j2/pull/560#issuecomment-986419531 Superseded by #610.

[GitHub] [logging-log4j2] dependabot[bot] closed pull request #560: Bump maven-core from 3.6.0 to 3.8.2

2021-12-05 Thread GitBox
dependabot[bot] closed pull request #560: URL: https://github.com/apache/logging-log4j2/pull/560

[GitHub] [logging-log4j2] dependabot[bot] opened a new pull request #611: Bump actions/setup-java from 2.3.1 to 2.4.0

2021-12-06 Thread GitBox
dependabot[bot] opened a new pull request #611: URL: https://github.com/apache/logging-log4j2/pull/611 Bumps [actions/setup-java](https://github.com/actions/setup-java) from 2.3.1 to 2.4.0. Release notes Sourced from https://github.com/actions/setup-java/releases actions/setup-j

[GitHub] [logging-log4cxx] coldtobi opened a new pull request #77: LOGCXX-536 Use CMAKE_INSTALL_LIBDIR instead CMAKE_INSTALL_DATAROOTDIR…

2021-12-06 Thread GitBox
coldtobi opened a new pull request #77: URL: https://github.com/apache/logging-log4cxx/pull/77 … for cmake/pkgconfig target https://issues.apache.org/jira/browse/LOGCXX-536

[GitHub] [logging-log4j2] rschmitt commented on pull request #392: [LOG4J2-2902] Add missing LoaderUtil permissions check

2021-12-06 Thread GitBox
rschmitt commented on pull request #392: URL: https://github.com/apache/logging-log4j2/pull/392#issuecomment-987320388 Should be okay now. It was non-trivial to get the tests working on JDK11.

[GitHub] [logging-log4j2] vy merged pull request #611: Bump actions/setup-java from 2.3.1 to 2.4.0

2021-12-08 Thread GitBox
vy merged pull request #611: URL: https://github.com/apache/logging-log4j2/pull/611

[GitHub] [logging-log4j2] wcc526 commented on pull request #608: Restrict LDAP access via JNDI

2021-12-09 Thread GitBox
wcc526 commented on pull request #608: URL: https://github.com/apache/logging-log4j2/pull/608#issuecomment-989762094 Is it a security vulnerability?

[GitHub] [logging-log4j2] wcc526 edited a comment on pull request #608: Restrict LDAP access via JNDI

2021-12-09 Thread GitBox
wcc526 edited a comment on pull request #608: URL: https://github.com/apache/logging-log4j2/pull/608#issuecomment-989762094 Is it a security vulnerability?

[GitHub] [logging-log4j2] qxo opened a new pull request #612: fix: NPE for SetUtils.prefixSet

2021-12-09 Thread GitBox
qxo opened a new pull request #612: URL: https://github.com/apache/logging-log4j2/pull/612 ![](https://raw.githubusercontent.com/qxo/public/446c19b37fe6ea1c6dafe8b4d998dd3ed92941d3/log4j2-SetUtils.prefixSet-NPE.png)

[GitHub] [logging-log4j2] vy closed pull request #612: fix: NPE for SetUtils.prefixSet

2021-12-09 Thread GitBox
vy closed pull request #612: URL: https://github.com/apache/logging-log4j2/pull/612

[GitHub] [logging-log4j2] vy commented on pull request #612: fix: NPE for SetUtils.prefixSet

2021-12-09 Thread GitBox
vy commented on pull request #612: URL: https://github.com/apache/logging-log4j2/pull/612#issuecomment-989987143 Thanks! Merged into both `master` and `release-2.x`.

[GitHub] [logging-log4j2] Glavo commented on pull request #608: Restrict LDAP access via JNDI

2021-12-09 Thread GitBox
Glavo commented on pull request #608: URL: https://github.com/apache/logging-log4j2/pull/608#issuecomment-990065982 > Is it a security vulnerability? I think it is. It is very surprising that this critical security issue does not seem to have received due attention. It was rep

[GitHub] [logging-log4j2] garydgregory commented on pull request #608: Restrict LDAP access via JNDI

2021-12-09 Thread GitBox
garydgregory commented on pull request #608: URL: https://github.com/apache/logging-log4j2/pull/608#issuecomment-990070794 > > Is it a security vulnerability? > > I think it is. > > It is very surprising that this critical security issue does not seem to have received due atte

[GitHub] [logging-log4j2] Glavo commented on pull request #608: Restrict LDAP access via JNDI

2021-12-09 Thread GitBox
Glavo commented on pull request #608: URL: https://github.com/apache/logging-log4j2/pull/608#issuecomment-990094911 > > > Is it a security vulnerability? > > > > > > I think it is. > > It is very surprising that this critical security issue does not seem to have received due a

[GitHub] [logging-log4j2] Glavo edited a comment on pull request #608: Restrict LDAP access via JNDI

2021-12-09 Thread GitBox
Glavo edited a comment on pull request #608: URL: https://github.com/apache/logging-log4j2/pull/608#issuecomment-990094911 > > > Is it a security vulnerability? > > > > > > I think it is. > > It is very surprising that this critical security issue does not seem to have receive

[GitHub] [logging-log4j2] Glavo edited a comment on pull request #608: Restrict LDAP access via JNDI

2021-12-09 Thread GitBox
Glavo edited a comment on pull request #608: URL: https://github.com/apache/logging-log4j2/pull/608#issuecomment-990094911 > > > Is it a security vulnerability? > > > > > > I think it is. > > It is very surprising that this critical security issue does not seem to have receive

[GitHub] [logging-log4j2] GalvinGao commented on pull request #608: Restrict LDAP access via JNDI

2021-12-09 Thread GitBox
GalvinGao commented on pull request #608: URL: https://github.com/apache/logging-log4j2/pull/608#issuecomment-990106334 > > > > Is it a security vulnerability? > > > > > > > > > I think it is. > > > It is very surprising that this critical security issue does not seem to have

[GitHub] [logging-log4j2] GalvinGao edited a comment on pull request #608: Restrict LDAP access via JNDI

2021-12-09 Thread GitBox
GalvinGao edited a comment on pull request #608: URL: https://github.com/apache/logging-log4j2/pull/608#issuecomment-990106334 > > > > Is it a security vulnerability? > > > > > > > > > I think it is. > > > It is very surprising that this critical security issue does not seem t

[GitHub] [logging-log4j2] garydgregory commented on pull request #608: Restrict LDAP access via JNDI

2021-12-09 Thread GitBox
garydgregory commented on pull request #608: URL: https://github.com/apache/logging-log4j2/pull/608#issuecomment-990213446 Your patience will soon be rewarded...

[GitHub] [logging-log4j2] garydgregory commented on pull request #608: Restrict LDAP access via JNDI

2021-12-09 Thread GitBox
garydgregory commented on pull request #608: URL: https://github.com/apache/logging-log4j2/pull/608#issuecomment-990217634 Also, if this matters to you so much, why not show it with a donation to the Apache Software Foundation https://www.apache.org/foundation/contributing.html or this pro

[GitHub] [logging-log4j2] remkop commented on pull request #608: Restrict LDAP access via JNDI

2021-12-09 Thread GitBox
remkop commented on pull request #608: URL: https://github.com/apache/logging-log4j2/pull/608#issuecomment-990264908 > > > > > Is it a security vulnerability? > > > > > > > > > > > > I think it is. > > > > It is very surprising that this critical security issue does not seem t

[GitHub] [logging-log4j2] zhangyoufu commented on pull request #608: Restrict LDAP access via JNDI

2021-12-09 Thread GitBox
zhangyoufu commented on pull request #608: URL: https://github.com/apache/logging-log4j2/pull/608#issuecomment-990305306 You can't ask everybody to upgrade to 2.15 at once. The `formatMsgNoLookups` option is available to log4j ≥ 2.10 only. Thanks to LOG4J2-703, I think it's quite saf

[GitHub] [logging-log4j2] zhangyoufu edited a comment on pull request #608: Restrict LDAP access via JNDI

2021-12-09 Thread GitBox
zhangyoufu edited a comment on pull request #608: URL: https://github.com/apache/logging-log4j2/pull/608#issuecomment-990305306 You can't ask everybody to upgrade to 2.15 at once. The `formatMsgNoLookups` option is available to log4j ≥ 2.10 only. Thanks to [LOG4J2-703](https://githu

[GitHub] [logging-log4j2] zhangyoufu edited a comment on pull request #608: Restrict LDAP access via JNDI

2021-12-09 Thread GitBox
zhangyoufu edited a comment on pull request #608: URL: https://github.com/apache/logging-log4j2/pull/608#issuecomment-990305306 You can't ask everybody to upgrade to 2.15 at once. And the `formatMsgNoLookups` option is available to log4j ≥ 2.10 only. Thanks to [LOG4J2-703](https://g

[GitHub] [logging-log4j2] zhangyoufu edited a comment on pull request #608: Restrict LDAP access via JNDI

2021-12-09 Thread GitBox
zhangyoufu edited a comment on pull request #608: URL: https://github.com/apache/logging-log4j2/pull/608#issuecomment-990305306 You can't ask everybody to upgrade to 2.15 at once. And the `formatMsgNoLookups` option is available to log4j ≥ 2.10 only. Thanks to [LOG4J2-703](https://g

[GitHub] [logging-log4j2] remkop commented on pull request #608: Restrict LDAP access via JNDI

2021-12-09 Thread GitBox
remkop commented on pull request #608: URL: https://github.com/apache/logging-log4j2/pull/608#issuecomment-990474429 Update: the vote for log4j-2.15.0 passed and the release is in progress. I can see the log4j web site reflecting the [log4j 2.15.0 release](https://logging.apache.org/

[GitHub] [logging-log4j2] remkop edited a comment on pull request #608: Restrict LDAP access via JNDI

2021-12-09 Thread GitBox
remkop edited a comment on pull request #608: URL: https://github.com/apache/logging-log4j2/pull/608#issuecomment-990474429 Update: the vote for log4j-2.15.0 passed and the release is in progress. I can see the log4j web site reflecting the [log4j 2.15.0 release](https://logging.apac

[GitHub] [logging-log4j2] moonming commented on pull request #608: Restrict LDAP access via JNDI

2021-12-09 Thread GitBox
moonming commented on pull request #608: URL: https://github.com/apache/logging-log4j2/pull/608#issuecomment-990484436 @remkop thanks for your great work 👍 I come from the [Apache APISIX](https://github.com/apache/apisix) community, and we can intercept this security vulnerability at the

[GitHub] [logging-log4j2] yuezk commented on pull request #608: Restrict LDAP access via JNDI

2021-12-09 Thread GitBox
yuezk commented on pull request #608: URL: https://github.com/apache/logging-log4j2/pull/608#issuecomment-990484694 Hi @rgoers, is log4j 1.x vulnerable?

[GitHub] [logging-log4j2] remkop commented on pull request #608: Restrict LDAP access via JNDI

2021-12-09 Thread GitBox
remkop commented on pull request #608: URL: https://github.com/apache/logging-log4j2/pull/608#issuecomment-990494126 > Hi @rgoers, is log4j 1.x vulnerable? Hi @yuezk, as far as I can tell, log4j 1.x does not support lookups. I also could not find any other reference to JNDI in the [l

[GitHub] [logging-log4j2] remkop edited a comment on pull request #608: Restrict LDAP access via JNDI

2021-12-09 Thread GitBox
remkop edited a comment on pull request #608: URL: https://github.com/apache/logging-log4j2/pull/608#issuecomment-990494126 > Hi @rgoers, is log4j 1.x vulnerable? Hi @yuezk, as far as I can tell, log4j 1.x does not support lookups. I also could not find any other reference to JNDI in

[GitHub] [logging-log4j2] garydgregory commented on pull request #608: Restrict LDAP access via JNDI

2021-12-09 Thread GitBox
garydgregory commented on pull request #608: URL: https://github.com/apache/logging-log4j2/pull/608#issuecomment-990499954 We need to look at the log4j 1 JMS Appender which I thought had at least programmatic support for JNDI. Gary On Thu, Dec 9, 2021, 20:26 Remko Popma ***@

[GitHub] [logging-log4j2] garydgregory commented on pull request #608: Restrict LDAP access via JNDI

2021-12-09 Thread GitBox
garydgregory commented on pull request #608: URL: https://github.com/apache/logging-log4j2/pull/608#issuecomment-990504842 As documented here: https://logging.apache.org/log4j/1.2/apidocs/org/apache/log4j/net/JMSAppender.html Gary On Thu, Dec 9, 2021, 20:30 Gary Gregory ***

[GitHub] [logging-log4j2] remkop edited a comment on pull request #608: Restrict LDAP access via JNDI

2021-12-09 Thread GitBox
remkop edited a comment on pull request #608: URL: https://github.com/apache/logging-log4j2/pull/608#issuecomment-990494126 > Hi @rgoers, is log4j 1.x vulnerable? Hi @yuezk, as far as I can tell, log4j 1.x does not support lookups. ~~I also could not find any other reference to JNDI

[GitHub] [logging-log4j2] JLLeitschuh commented on pull request #608: Restrict LDAP access via JNDI

2021-12-09 Thread GitBox
JLLeitschuh commented on pull request #608: URL: https://github.com/apache/logging-log4j2/pull/608#issuecomment-990527697 Is this fix insufficient in the context of an SSRF vulnerability? IE. can an attacker still make malicious requests that abuse this from localhost if another local serv

[GitHub] [logging-log4net] zhiweiv commented on pull request #78: (LOG4NET-680) For %thread/%t, use the numeric thread ID for .NET worker pool threads

2021-12-09 Thread GitBox
zhiweiv commented on pull request #78: URL: https://github.com/apache/logging-log4net/pull/78#issuecomment-990534030 Any chance to merge this and release a new version asap?

[GitHub] [logging-log4j2] MyUsernamee edited a comment on pull request #608: Restrict LDAP access via JNDI

2021-12-09 Thread GitBox
MyUsernamee edited a comment on pull request #608: URL: https://github.com/apache/logging-log4j2/pull/608#issuecomment-990536644 Quick Question, there is a remote code execution vulnerability in minecraft from what I understand. From what I can tell it is somehow related to this. Does anyo

[GitHub] [logging-log4j2] Glavo commented on pull request #608: Restrict LDAP access via JNDI

2021-12-09 Thread GitBox
Glavo commented on pull request #608: URL: https://github.com/apache/logging-log4j2/pull/608#issuecomment-990536602 I provide a patch library to solve this vulnerability (disable JNDI lookup): [Glavo/log4j-patch](https://github.com/Glavo/log4j-patch) It provides an empty `JndiLookup`

[GitHub] [logging-log4j2] MyUsernamee commented on pull request #608: Restrict LDAP access via JNDI

2021-12-09 Thread GitBox
MyUsernamee commented on pull request #608: URL: https://github.com/apache/logging-log4j2/pull/608#issuecomment-990536644 Quick Question, there is a remote code execution vulnerability from what I understand. From what I can tell it is somehow related to this. Does anyone know if this the

[GitHub] [logging-log4j2] MyUsernamee edited a comment on pull request #608: Restrict LDAP access via JNDI

2021-12-09 Thread GitBox
MyUsernamee edited a comment on pull request #608: URL: https://github.com/apache/logging-log4j2/pull/608#issuecomment-990536644 Quick Question, there is a remote code execution vulnerability in Minecraft. From what I can tell it is somehow related to this. Does anyone know if this the cau

[GitHub] [logging-log4net] zhiweiv edited a comment on pull request #78: (LOG4NET-680) For %thread/%t, use the numeric thread ID for .NET worker pool threads

2021-12-09 Thread GitBox
zhiweiv edited a comment on pull request #78: URL: https://github.com/apache/logging-log4net/pull/78#issuecomment-990534030 Any chance to merge this and release a new version asap? It is a big problem for .net 6.0. @fluffynuts

[GitHub] [logging-log4j2] MyUsernamee removed a comment on pull request #608: Restrict LDAP access via JNDI

2021-12-09 Thread GitBox
MyUsernamee removed a comment on pull request #608: URL: https://github.com/apache/logging-log4j2/pull/608#issuecomment-990536644 Quick Question, there is a remote code execution vulnerability in Minecraft. From what I can tell it is somehow related to this. Does anyone know if this the ca

[GitHub] [logging-log4j2] Glavo commented on pull request #608: Restrict LDAP access via JNDI

2021-12-09 Thread GitBox
Glavo commented on pull request #608: URL: https://github.com/apache/logging-log4j2/pull/608#issuecomment-990539235 > Quick Question, there is a remote code execution vulnerability in Minecraft. From what I can tell it is somehow related to this. Does anyone know if this the cause?

[GitHub] [logging-log4j2] remkop commented on a change in pull request #608: Restrict LDAP access via JNDI

2021-12-09 Thread GitBox
remkop commented on a change in pull request #608: URL: https://github.com/apache/logging-log4j2/pull/608#discussion_r766293495 ## File path: src/site/xdoc/manual/appenders.xml ## @@ -1555,6 +1555,33 @@ public class ConnectionFactory { Default Desc

[GitHub] [logging-log4j2] Glavo commented on pull request #608: Restrict LDAP access via JNDI

2021-12-09 Thread GitBox
Glavo commented on pull request #608: URL: https://github.com/apache/logging-log4j2/pull/608#issuecomment-990620253 [Glavo/log4j-patch](https://github.com/Glavo/log4j-patch) has been published to Maven Central. If anyone cannot update to 2.15, he/she only needs to add log4j-patch as the fi

[GitHub] [logging-log4j2] linux-ops commented on pull request #608: Restrict LDAP access via JNDI

2021-12-09 Thread GitBox
linux-ops commented on pull request #608: URL: https://github.com/apache/logging-log4j2/pull/608#issuecomment-990629440 > > Hi @rgoers, is log4j 1.x vulnerable? > > Hi @yuezk, as far as I can tell, log4j 1.x does not support lookups. ~I also could not find any other reference to JNDI

[GitHub] [logging-log4j2] linux-ops edited a comment on pull request #608: Restrict LDAP access via JNDI

2021-12-09 Thread GitBox
linux-ops edited a comment on pull request #608: URL: https://github.com/apache/logging-log4j2/pull/608#issuecomment-990629440 > > Hi @rgoers, is log4j 1.x vulnerable? > > Hi @yuezk, as far as I can tell, log4j 1.x does not support lookups. ~I also could not find any other reference

[GitHub] [logging-log4j2] linux-ops edited a comment on pull request #608: Restrict LDAP access via JNDI

2021-12-09 Thread GitBox
linux-ops edited a comment on pull request #608: URL: https://github.com/apache/logging-log4j2/pull/608#issuecomment-990629440 > > Hi @rgoers, is log4j 1.x vulnerable? > > Hi @yuezk, as far as I can tell, log4j 1.x does not support lookups. ~I also could not find any other reference

[GitHub] [logging-log4j2] linux-ops edited a comment on pull request #608: Restrict LDAP access via JNDI

2021-12-09 Thread GitBox
linux-ops edited a comment on pull request #608: URL: https://github.com/apache/logging-log4j2/pull/608#issuecomment-990629440 > > Hi @rgoers, is log4j 1.x vulnerable? > > Hi @yuezk, as far as I can tell, log4j 1.x does not support lookups. ~I also could not find any other reference

[GitHub] [logging-log4j2] Glavo edited a comment on pull request #608: Restrict LDAP access via JNDI

2021-12-09 Thread GitBox
Glavo edited a comment on pull request #608: URL: https://github.com/apache/logging-log4j2/pull/608#issuecomment-990620253 [Glavo/log4j-patch](https://github.com/Glavo/log4j-patch) has been published to Maven Central. If anyone cannot update to 2.15, he/she only needs to add log4j-patch as

[GitHub] [logging-log4j2] Glavo edited a comment on pull request #608: Restrict LDAP access via JNDI

2021-12-09 Thread GitBox
Glavo edited a comment on pull request #608: URL: https://github.com/apache/logging-log4j2/pull/608#issuecomment-990620253 [Glavo/log4j-patch](https://github.com/Glavo/log4j-patch) has been published to Maven Central. If anyone cannot update to 2.15, he/she only needs to add log4j-patch as

[GitHub] [logging-log4j2] jsoref opened a new pull request #613: Spelling

2021-12-09 Thread GitBox
jsoref opened a new pull request #613: URL: https://github.com/apache/logging-log4j2/pull/613 https://issues.apache.org/jira/browse/LOG4J2-3203 This PR corrects misspellings identified by the [check-spelling action](https://github.com/marketplace/actions/check-spelling). The m

[GitHub] [logging-log4j2] zuoshangs commented on pull request #613: Spelling

2021-12-09 Thread GitBox
zuoshangs commented on pull request #613: URL: https://github.com/apache/logging-log4j2/pull/613#issuecomment-990646688 emm

[GitHub] [logging-log4j2] zuoshangs commented on pull request #537: Lambda improvements:

2021-12-09 Thread GitBox
zuoshangs commented on pull request #537: URL: https://github.com/apache/logging-log4j2/pull/537#issuecomment-990647528 Lambda is not necessary

[GitHub] [logging-log4net] fluffynuts commented on pull request #78: (LOG4NET-680) For %thread/%t, use the numeric thread ID for .NET worker pool threads

2021-12-09 Thread GitBox
fluffynuts commented on pull request #78: URL: https://github.com/apache/logging-log4net/pull/78#issuecomment-990650366 @zhiweiv I was spinning up a release not too long ago - there are some other small fixes that I'd like to get out. I just got a little swamped with other stuff in the mea

[GitHub] [logging-log4j2] remkop commented on pull request #608: Restrict LDAP access via JNDI

2021-12-09 Thread GitBox
remkop commented on pull request #608: URL: https://github.com/apache/logging-log4j2/pull/608#issuecomment-990661374 > @remkop Which description is correct ? @linux-ops You are asking me? Well, in my totally objective, completely unbiased opinion, there is no doubt that my comment is

[GitHub] [logging-log4j2] Baoqi commented on pull request #608: Restrict LDAP access via JNDI

2021-12-09 Thread GitBox
Baoqi commented on pull request #608: URL: https://github.com/apache/logging-log4j2/pull/608#issuecomment-990674220 @remkop , thanks for your reply. Just want to make it more clear, because many people reach this issue mainly for the "JNDI lookup" CVE, so, for log4j 1.x, although it conta

[GitHub] [logging-log4j2] sunnypav commented on pull request #608: Restrict LDAP access via JNDI

2021-12-09 Thread GitBox
sunnypav commented on pull request #608: URL: https://github.com/apache/logging-log4j2/pull/608#issuecomment-990683057 I guess the RCE can be exploited by using a message which has a JNDI lookup which, is not possible in log4j 1.x as it doesn't support lookups. And JMS Appender can be adde

[GitHub] [logging-log4j2] sunnypav edited a comment on pull request #608: Restrict LDAP access via JNDI

2021-12-09 Thread GitBox
sunnypav edited a comment on pull request #608: URL: https://github.com/apache/logging-log4j2/pull/608#issuecomment-990683057 I guess the RCE can be exploited by using a message which has a JNDI lookup which, is not possible in log4j 1.x as it doesn't support lookups. And JMS Appender can

[GitHub] [logging-log4j2] suesunss commented on pull request #608: Restrict LDAP access via JNDI

2021-12-09 Thread GitBox
suesunss commented on pull request #608: URL: https://github.com/apache/logging-log4j2/pull/608#issuecomment-990711764 I saw 2.15.0 was uploaded to the maven central: https://repo.maven.apache.org/maven2/org/apache/logging/log4j/log4j-api/2.15.0/ Could anyone point out if thi

[GitHub] [logging-log4j2] Glavo edited a comment on pull request #608: Restrict LDAP access via JNDI

2021-12-10 Thread GitBox
Glavo edited a comment on pull request #608: URL: https://github.com/apache/logging-log4j2/pull/608#issuecomment-990620253 [Glavo/log4j-patch](https://github.com/Glavo/log4j-patch) has been published to Maven Central. If anyone cannot update to 2.15, he/she only needs to add log4j-patch as

[GitHub] [logging-log4j2] utam0k commented on pull request #608: Restrict LDAP access via JNDI

2021-12-10 Thread GitBox
utam0k commented on pull request #608: URL: https://github.com/apache/logging-log4j2/pull/608#issuecomment-990716441 @remkop Hi! Thanks for your work and the community response. Do you have any plans to backport the response to this vulnerability to older versions of the 2.x?

[GitHub] [logging-log4j2] vy commented on pull request #537: Lambda improvements:

2021-12-10 Thread GitBox
vy commented on pull request #537: URL: https://github.com/apache/logging-log4j2/pull/537#issuecomment-990727014 We have shared with @arturobernalg in the dev mailing list that we are understaffed to deal with the cosmetic changes he has proposed so far, hence closing the ticket.

[GitHub] [logging-log4j2] vy closed pull request #537: Lambda improvements:

2021-12-10 Thread GitBox
vy closed pull request #537: URL: https://github.com/apache/logging-log4j2/pull/537

[GitHub] [logging-log4j2] vy commented on pull request #511: LOG4J2-3109 - Use Standard Charset object (StandardCharsets)

2021-12-10 Thread GitBox
vy commented on pull request #511: URL: https://github.com/apache/logging-log4j2/pull/511#issuecomment-990727878 We have shared with @arturobernalg in the dev mailing list that we are understaffed to deal with the cosmetic changes he has proposed so far, hence closing the ticket.

[GitHub] [logging-log4j2] vy commented on pull request #512: LOG4J2-3108 - Reuse multiple equivalent occurrences of the same expression

2021-12-10 Thread GitBox
vy commented on pull request #512: URL: https://github.com/apache/logging-log4j2/pull/512#issuecomment-990727989 We have shared with @arturobernalg in the dev mailing list that we are understaffed to deal with the cosmetic changes he has proposed so far, hence closing the ticket.

[GitHub] [logging-log4j2] vy closed pull request #511: LOG4J2-3109 - Use Standard Charset object (StandardCharsets)

2021-12-10 Thread GitBox
vy closed pull request #511: URL: https://github.com/apache/logging-log4j2/pull/511

[GitHub] [logging-log4j2] vy closed pull request #512: LOG4J2-3108 - Reuse multiple equivalent occurrences of the same expression

2021-12-10 Thread GitBox
vy closed pull request #512: URL: https://github.com/apache/logging-log4j2/pull/512

[GitHub] [logging-log4j2] vy commented on pull request #529: Remove redundant variable which are immediately returned.

2021-12-10 Thread GitBox
vy commented on pull request #529: URL: https://github.com/apache/logging-log4j2/pull/529#issuecomment-990728066 We have shared with @arturobernalg in the dev mailing list that we are understaffed to deal with the cosmetic changes he has proposed so far, hence closing the ticket.

[GitHub] [logging-log4j2] vy closed pull request #529: Remove redundant variable which are immediately returned.

2021-12-10 Thread GitBox
vy closed pull request #529: URL: https://github.com/apache/logging-log4j2/pull/529

[GitHub] [logging-log4j2] vy commented on pull request #532: Replace loop with bulk method.

2021-12-10 Thread GitBox
vy commented on pull request #532: URL: https://github.com/apache/logging-log4j2/pull/532#issuecomment-990728248 We have shared with @arturobernalg in the dev mailing list that we are understaffed to deal with the cosmetic changes he has proposed so far, hence closing the ticket.

[GitHub] [logging-log4j2] vy commented on pull request #530: Remove unused import.

2021-12-10 Thread GitBox
vy commented on pull request #530: URL: https://github.com/apache/logging-log4j2/pull/530#issuecomment-990728194 We have shared with @arturobernalg in the dev mailing list that we are understaffed to deal with the cosmetic changes he has proposed so far, hence closing the ticket.

[GitHub] [logging-log4j2] vy closed pull request #532: Replace loop with bulk method.

2021-12-10 Thread GitBox
vy closed pull request #532: URL: https://github.com/apache/logging-log4j2/pull/532

[GitHub] [logging-log4j2] vy closed pull request #530: Remove unused import.

2021-12-10 Thread GitBox
vy closed pull request #530: URL: https://github.com/apache/logging-log4j2/pull/530

[GitHub] [logging-log4j2] vy commented on pull request #534: Make Local variable and parameter final.

2021-12-10 Thread GitBox
vy commented on pull request #534: URL: https://github.com/apache/logging-log4j2/pull/534#issuecomment-990728326 We have shared with @arturobernalg in the dev mailing list that we are understaffed to deal with the cosmetic changes he has proposed so far, hence closing the ticket.

[GitHub] [logging-log4j2] vy closed pull request #534: Make Local variable and parameter final.

2021-12-10 Thread GitBox
vy closed pull request #534: URL: https://github.com/apache/logging-log4j2/pull/534

[GitHub] [logging-log4j2] vy closed pull request #535: Make Local variable and parameter final.

2021-12-10 Thread GitBox
vy closed pull request #535: URL: https://github.com/apache/logging-log4j2/pull/535

[GitHub] [logging-log4j2] vy closed pull request #536: Make Local variable and parameter final.

2021-12-10 Thread GitBox
vy closed pull request #536: URL: https://github.com/apache/logging-log4j2/pull/536

[GitHub] [logging-log4j2] vy commented on pull request #535: Make Local variable and parameter final.

2021-12-10 Thread GitBox
vy commented on pull request #535: URL: https://github.com/apache/logging-log4j2/pull/535#issuecomment-990728405 We have shared with @arturobernalg in the dev mailing list that we are understaffed to deal with the cosmetic changes he has proposed so far, hence closing the ticket.

[GitHub] [logging-log4j2] vy commented on pull request #536: Make Local variable and parameter final.

2021-12-10 Thread GitBox
vy commented on pull request #536: URL: https://github.com/apache/logging-log4j2/pull/536#issuecomment-990728479 We have shared with @arturobernalg in the dev mailing list that we are understaffed to deal with the cosmetic changes he has proposed so far, hence closing the ticket.

[GitHub] [logging-log4j2] vy closed pull request #538: Resolve references inside javadoc.

2021-12-10 Thread GitBox
vy closed pull request #538: URL: https://github.com/apache/logging-log4j2/pull/538

[GitHub] [logging-log4j2] vy commented on pull request #538: Resolve references inside javadoc.

2021-12-10 Thread GitBox
vy commented on pull request #538: URL: https://github.com/apache/logging-log4j2/pull/538#issuecomment-990728731 We have shared with @arturobernalg in the dev mailing list that we are understaffed to deal with the cosmetic changes he has proposed so far, hence closing the ticket.

[GitHub] [logging-log4j2] vy commented on pull request #539: Replace "==" and equals by 'Objects.equals()' expression

2021-12-10 Thread GitBox
vy commented on pull request #539: URL: https://github.com/apache/logging-log4j2/pull/539#issuecomment-990728839 We have shared with @arturobernalg in the dev mailing list that we are understaffed to deal with the cosmetic changes he has proposed so far, hence closing the ticket.

[GitHub] [logging-log4j2] vy closed pull request #539: Replace "==" and equals by 'Objects.equals()' expression

2021-12-10 Thread GitBox
vy closed pull request #539: URL: https://github.com/apache/logging-log4j2/pull/539

[GitHub] [logging-log4j2] iweiss commented on a change in pull request #608: Restrict LDAP access via JNDI

2021-12-10 Thread GitBox
iweiss commented on a change in pull request #608: URL: https://github.com/apache/logging-log4j2/pull/608#discussion_r766474285 ## File path: src/site/xdoc/manual/appenders.xml ## @@ -1555,6 +1555,33 @@ public class ConnectionFactory { Default Desc

[GitHub] [logging-log4j2] remkop commented on pull request #608: Restrict LDAP access via JNDI

2021-12-10 Thread GitBox
remkop commented on pull request #608: URL: https://github.com/apache/logging-log4j2/pull/608#issuecomment-990753698 > I saw 2.15.0 was uploaded to the maven central: > > https://repo.maven.apache.org/maven2/org/apache/logging/log4j/log4j-api/2.15.0/ > > Could anyone point out

[GitHub] [logging-log4j2] remkop commented on pull request #608: Restrict LDAP access via JNDI

2021-12-10 Thread GitBox
remkop commented on pull request #608: URL: https://github.com/apache/logging-log4j2/pull/608#issuecomment-990758663 > @remkop , thanks for your reply. Just want to make it more clear, because many people reach this issue mainly for the "JNDI lookup" CVE, so, for log4j 1.x, although it con

[GitHub] [logging-log4j2] utam0k edited a comment on pull request #608: Restrict LDAP access via JNDI

2021-12-10 Thread GitBox
utam0k edited a comment on pull request #608: URL: https://github.com/apache/logging-log4j2/pull/608#issuecomment-990716441 @remkop Hi! Thanks for your work and the community correspondence. Do you have any plans to backport the correspondence to this vulnerability to older versions of t

[GitHub] [logging-log4j2] mageshwarang commented on pull request #608: Restrict LDAP access via JNDI

2021-12-10 Thread GitBox
mageshwarang commented on pull request #608: URL: https://github.com/apache/logging-log4j2/pull/608#issuecomment-990765517 @remkop Thanks for clarifying on the log4j 1.x. One of my old applications is still using `log4j-1.2.17` and a few of my applications are using `log4j-over-slf4j`. But

[GitHub] [logging-log4j2] mageshwarang edited a comment on pull request #608: Restrict LDAP access via JNDI

2021-12-10 Thread GitBox
mageshwarang edited a comment on pull request #608: URL: https://github.com/apache/logging-log4j2/pull/608#issuecomment-990765517 @remkop Thanks for clarifying on the log4j 1.x. One of my old applications is still using `log4j-1.2.17` and a few of my applications are using `log4j-over-slf4j`

[GitHub] [logging-log4j2] iamamoose commented on pull request #608: Restrict LDAP access via JNDI

2021-12-10 Thread GitBox
iamamoose commented on pull request #608: URL: https://github.com/apache/logging-log4j2/pull/608#issuecomment-990788953 https://www.cve.org/CVERecord?id=CVE-2021-44228 https://logging.apache.org/log4j/2.x/security.html
